On Tue, Nov 25, 2008 at 9:48 AM, Gunnar Peterson <[EMAIL PROTECTED]> wrote:
> but actually the main point of my post and the one I would like to
> hear people's thoughts on - is to say that attempting to apply
> principle of least privilege in the real world often leads to drilling
> dry wells. I am not blaming any group in particular, I am saying I
> think it is in the "too hard" pile for now and we as software security
> people should not be advocating for it until or unless we can find
> cost effective ways to implement it.

I'd love to hear someone from Microsoft talk about the creation of default ready-for-shipping service security profiles for Server 2008. Windows has lots of services and lots of privileges that can be configured. Every paper I've generally seen on the subject is about reverse engineering least privilege by reducing privileges, checking whether the software still functions, looking for access violations, and then increasing the privileges until things start working. A lot like this Calvin and Hobbes comic:

CALVIN: How do they know the load limit on bridges, Dad?
DAD: They drive bigger and bigger trucks over the bridge until it breaks. Then they weigh the last truck and rebuild the bridge.

This is what we do with least privilege, but without ever knowing whether we've really gotten the least privileges, or not. Hell, in a modern operating system how the hell do you figure this out anyway?

- Andy
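The "bigger trucks over the bridge" procedure Andy describes, as an added example that is not part of the thread: a greedy privilege-stripping loop driven by a test oracle, run against a constructed model of a service. The privilege names are real Windows ones, but the service, its code paths and which privilege each path needs are invented for the example, and the point it makes is the one in the post: the "least" profile you get is only as good as the paths the tests exercised.

```python
"""Least privilege by driving trucks over the bridge: drop privileges, run the
tests, keep whatever drop the tests tolerate. The service model below is
constructed for this example; the path-to-privilege mapping is invented, only
the privilege names are real Windows ones."""
from typing import Callable, FrozenSet, Iterable, List, Set

Oracle = Callable[[FrozenSet[str]], bool]  # True if the service still "works" with this set

# Constructed model: each code path of a hypothetical service and the privileges
# it needs. rotate_logs runs nightly and impersonate_client only for remote
# callers, so a quick functional test exercises neither.
PATHS = {
    "serve_request":      {"SeChangeNotifyPrivilege"},
    "rotate_logs":        {"SeChangeNotifyPrivilege", "SeBackupPrivilege"},
    "impersonate_client": {"SeChangeNotifyPrivilege", "SeImpersonatePrivilege"},
}
ALL_PRIVS: FrozenSet[str] = frozenset().union(*PATHS.values())

def make_oracle(exercised: Set[str]) -> Oracle:
    """The 'test suite': passes iff every exercised path has the privileges it needs."""
    return lambda privs: all(PATHS[p] <= privs for p in exercised)

def greedy_minimize(privs: Iterable[str], works: Oracle) -> FrozenSet[str]:
    """Remove privileges one at a time, keeping each removal the oracle tolerates.
    For a monotone oracle (more privilege never breaks anything) the result is
    1-minimal: dropping any single remaining privilege makes the tests fail."""
    current: Set[str] = set(privs)
    for p in sorted(current):          # sorted() snapshots, so discarding is safe
        if works(frozenset(current - {p})):
            current.discard(p)
    return frozenset(current)

def minimal_for(exercised: Iterable[str]) -> FrozenSet[str]:
    """Privilege profile the truck-over-the-bridge method yields for one test run."""
    return greedy_minimize(ALL_PRIVS, make_oracle(set(exercised)))

def latent_failures(profile: FrozenSet[str]) -> List[str]:
    """Paths that will break later under a profile the tests called 'working'."""
    return sorted(name for name, need in PATHS.items() if not need <= profile)

if __name__ == "__main__":
    smoke = minimal_for({"serve_request"})
    print("profile from a smoke test:", sorted(smoke))
    print("breaks later on:", latent_failures(smoke))
    full = minimal_for(PATHS)
    print("profile from full coverage:", sorted(full), latent_failures(full))
```

The smoke-test run yields a single privilege and two paths that fail the first night the service rotates its logs or impersonates a remote caller; only full path coverage yields a profile with no latent failures, which is exactly the coverage question the post says nobody can answer for a modern OS.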
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
_______________________________________________